What does SpinOffice CRM do to be GDPR compliant?
We will process any personal data according to legislation in respect of the processing of personal data (such as the Personal Data Protection Act and the GDPR). SpinOffice does not share any information with third parties, except when required by law, or with explicit permission from you. Here are a number of measures that we offer you as a user to guarantee the security of your data and to increase the reliability of data.

Data Processing Agreement

When using SpinOffice CRM, our organization (Mulberry Garden B.V.) is the ‘processor’ of your data. In accordance with the upcoming GDPR legislation, you are required to conclude a ‘data processing agreement’ with all your processors. The data processing agreement is an agreement between the controller (you as the customer) and the processor (us), which specifies how the processor must deal with the personal data. The responsibility for having such an agreement lies with the 'controller', but we as processor have drawn up a processing agreement for you. This is signed by both of us and is immediately applicable. Do you want to conclude a processing agreement with us? Please contact us.

Two-factor authentication on login

In view of the GDPR we have upgraded our security with the introduction of two-factor authentication for SpinOffice CRM. This feature enables secure access to your account and ensures the safety of your data and resources that reside in your SpinOffice account.

When you log in to your average social networking site or app, you typically enter your username/email and password to access your account. This may be the single step taken by the website/app to verify your identity and grant access to your account. This is known as one-factor authentication. When you add another factor to this password-only authentication system, it is known as two-factor authentication (2FA). In such a setup, you are required to provide an additional piece of information to verify your identity.
2FA ensures that even if one of the factors has been compromised or leaked, the other factor keeps hackers/criminals from breaking into your account, thereby minimizing the risk of data theft. This is an option available in Pro and Enterprise. For more information, see the article "How to enable two-factor verification in Pro?"

Periodic Pentest

Although all data is stored encrypted, we periodically review our software to guarantee security. We do this by having a pen test performed by an external specialized agency, Penetra Cyber Security. The purpose of a pentest is to gain insight into the risks and vulnerabilities of the examined system and to define improvements for the security, in other words, to combat the risks and vulnerabilities.

Check out Storage, Backup & Security for more related articles about backups, security and data leaks.